Move Cyber Threats On To Another Target: Encrypt Everything, Everywhere
Imam Sheikh, Director, Product Management, Vormetric
State of the Market
Evolving Threats: Today's spectrum of insider threats
- In the past: company employees with knowledge-required access (traditional insiders)
- Today we must add: IT personnel, contractors and service provider employees (privileged users), and the compromise of insider accounts by outsiders (hackers actively targeting insider accounts, criminal hackers, nation states)
- Contributing factors: cloud/SaaS, big data, porous perimeters
(ISC)2 e-symposium
Failing to Secure Their Data
- Experienced a data breach or failed a compliance audit: Global 40%; by region (values in extraction order): ASEAN 48%, United States 44%, UK 40%, then 29% and 26% for Japan and Germany (the extraction separates the Germany label from its value)
- Are protecting data because of a partner's or competitor's breach: Global 29%; ASEAN 38%, United States 33%, UK 27%, Germany 25%, Japan 7%
Targets of Sensitive Data Acquisition: hackers target where the data resides
- Databases 49%
- File servers 39%
- Cloud 36%
Industry and Security Experts Alike: Encrypt Everything
Sensitive Data Protection Technologies
- Data in motion: SSL, SSH, HTTPS, IPsec
- Data at rest: encryption, tokenization, masking
Practical Encrypt Everything
Where is Sensitive Data? If you're not sure, you are at risk.
- Remote? On servers? On different environments? On varying storage?
- Systems: app servers, database servers, web servers, storage servers, remote servers, users
- Locations: enterprise / hosted / outsourced data centers; SaaS, PaaS, IaaS clouds; cloud storage; big data environments
- Storage: NAS, SAN
- Platforms: Windows, Linux, Unix
Good News: widening adoption of encryption (chart values 35% and 15%, Feb 2014)
Bad News: a disjointed, expensive collection of point products
- Use cases: expense reports, customer records, PII, compliance, cloud migration, physical security, tape archives, privileged user control
- Products: file encryption + database encryption + app encryption + cloud encryption + full disk encryption + key management + access policies
- Each use case requires individual infrastructure, management consoles and training.
- Complex - Inefficient - Expensive
No Magic Bullet
The Encrypt Everything Three Step Program
1. Set vision statement
2. Develop policy
3. Develop implementation strategy
Set Vision Statement: "Protect all sensitive data to keep my organization out of the data breach news section."
Develop Policy
- Analyze and state your corporate, organizational and security requirements/needs
- Analyze and state the drivers for your strategy
- Understand the security and compliance requirements from business units
- Classify sensitive data further
Develop Implementation Strategy (recommended by Ovum)
- Concentrate on protecting data at the source
- Make encryption with access controls the default
- Monitor and analyze data access patterns
- Replace point solutions with data security platforms
Realizing the Vision Within Budget
Types of Encryption
- App-level encryption, tokenization, TDE, data masking
- File encryption with access control
- Disk encryption (FDE)
Databases and Big Data Considerations: data sources/nodes, configuration, logs, reports, targets
File Servers Considerations
- Event 1: User: AccountsPayable; App: ERP; What: read file; Time: 2PM 11/14/2013; Where: ERP directory
- Event 2: User: SystemAdmin group; Process: cat command; What: read file; Time: 2PM 11/14/2013; Where: HR ERP directory; Result: block access and log attempt
- Access Policy #1: User: AccountsPayable; App: ERP; Op: read only; Time: any; Resources: any
- Protected resources: Accounts Payable directory, HR ERP directory
- Capabilities: file-level encryption, block access and log attempt, data auditing, separation of duties
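The slide shows two access attempts evaluated against a policy: the ERP application reading on behalf of AccountsPayable is allowed, while a system administrator reading an HR file with cat is blocked and the attempt is logged. The following is an added example, not Vormetric's code and not how the Vormetric platform implements its policies: a small default-deny policy engine in Python that matches requests on user, process, operation, resource and time, records every decision for auditing, and replays the slide's two events plus two constructed ones. The file paths, the "HRClerk"/"HRApp" policy and the business-hours window are assumptions made for the example.

```python
"""Added example: evaluating file-access requests against access policies of the
kind shown on the File Servers slide. Not Vormetric code; names and paths are constructed."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, Iterable, List, Optional, Tuple

ANY = "*"  # wildcard standing in for the slide's "Any"


@dataclass(frozen=True)
class AccessRequest:
    """One attempt to open a file on the encrypted file server."""
    user: str        # user or group name, e.g. "AccountsPayable" or "SystemAdmin"
    process: str     # application or binary making the call, e.g. "ERP" or "cat"
    operation: str   # "read" or "write"
    resource: str    # path of the file being opened
    when: datetime


@dataclass(frozen=True)
class Policy:
    """Who (user) may do what (operations) through which process, where and when."""
    name: str
    user: str
    process: str
    operations: Tuple[str, ...]
    resource: str = ANY                         # path prefix, or ANY
    hours: Optional[Tuple[time, time]] = None   # None means "Time: Any"

    def matches(self, req: AccessRequest) -> bool:
        if self.user != ANY and self.user != req.user:
            return False
        if self.process != ANY and self.process != req.process:
            return False
        if req.operation not in self.operations:
            return False
        if self.resource != ANY and not req.resource.startswith(self.resource):
            return False
        if self.hours is not None:
            start, end = self.hours
            t = req.when.time()
            # Handle windows that wrap past midnight as well as ordinary ones.
            inside = start <= t <= end if start <= end else (t >= start or t <= end)
            if not inside:
                return False
        return True


class PolicyEngine:
    """Default-deny evaluator that records every decision for data auditing."""

    def __init__(self, policies: Iterable[Policy]):
        self.policies: List[Policy] = list(policies)
        self.audit: List[Dict[str, str]] = []

    def evaluate(self, req: AccessRequest) -> bool:
        for policy in self.policies:
            if policy.matches(req):
                self._record(req, "allow", policy.name)
                return True
        # No policy matched: block the access and log the attempt.
        self._record(req, "deny", "-")
        return False

    def _record(self, req: AccessRequest, decision: str, policy_name: str) -> None:
        self.audit.append({
            "time": req.when.isoformat(timespec="minutes"),
            "user": req.user, "process": req.process,
            "operation": req.operation, "resource": req.resource,
            "decision": decision, "policy": policy_name,
        })


def build_engine() -> PolicyEngine:
    """Access Policy #1 from the slide plus a constructed, tightly scoped HR policy."""
    return PolicyEngine([
        Policy("Policy #1", user="AccountsPayable", process="ERP", operations=("read",)),
        Policy("HR-app-only", user="HRClerk", process="HRApp", operations=("read", "write"),
               resource="/data/hr/", hours=(time(8, 0), time(18, 0))),
    ])


def run_slide_events() -> Tuple[List[bool], List[Dict[str, str]]]:
    """Replays the slide's two events plus two constructed ones; returns decisions and audit log."""
    engine = build_engine()
    at_2pm = datetime(2013, 11, 14, 14, 0)
    requests = [
        # Event 1 (slide): AccountsPayable reads a file in the ERP directory through ERP.
        AccessRequest("AccountsPayable", "ERP", "read", "/data/erp/invoices.dat", at_2pm),
        # Event 2 (slide): SystemAdmin group reads an HR file with the cat command.
        AccessRequest("SystemAdmin", "cat", "read", "/data/hr/erp/salaries.dat", at_2pm),
        # Constructed: AccountsPayable tries to write through ERP, but Policy #1 is read only.
        AccessRequest("AccountsPayable", "ERP", "write", "/data/erp/invoices.dat", at_2pm),
        # Constructed: HR clerk reads HR data through the HR application inside business hours.
        AccessRequest("HRClerk", "HRApp", "read", "/data/hr/erp/salaries.dat", at_2pm),
    ]
    decisions = [engine.evaluate(r) for r in requests]
    return decisions, engine.audit


if __name__ == "__main__":
    for entry in run_slide_events()[1]:
        print(entry)
```

The engine is default-deny, so the administrator's cat command is refused even though the account is privileged: separation of duties comes from matching on the calling process as well as the user, and the denied attempt still lands in the audit log, which is what feeds the "monitor and analyze data access patterns" step of the implementation strategy.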
Cloud Considerations
- Secure VPN between on-premise and cloud (hybrid cloud)
- Key manager (virtual or physical appliances) deployed on premise
- Key manager (virtual or hosted physical appliances) deployed in cloud
- Key management options: appliance on premise; virtual appliance on premise; virtual key management appliance in cloud; appliance hosted by provider
- Auditing
Vormetric Data Security Platform: ready for the next use case
Vormetric Data Security Platform: enabling an Encrypt Everything strategy
Example Use Cases
McKesson (healthcare company)
- Challenge: had to meet many compliance requirements; business groups deploying many encryption solutions; level of solution quality varied; very expensive
- Action: Vormetric Data Security Platform; leveraged multidomain management; available enterprise-wide
- Result: higher availability, consistency, significant TCO reduction
Fortune 100 Finance Company
- Challenge: faced with a customer mandate, traditional encryption approaches were sized at a 24-month engineering effort
- Action: vendor bake-off; deployed Vormetric Transparent Encryption
- Result: protected 160 servers in less than 3 months; have easily expanded the solution to meet many more use cases
Questions
www.vormetric.com